Changelog for
python311-lxml-5.3.0-19.5.x86_64.rpm :
* Wed Sep 25 2024 Adrian Schröter
- 5.3.0 (2024-08-10) Features added - GH#421: Nested CDATA sections are no longer rejected but split on output to represent ]]> correctly. Patch by Gertjan Klein. Bugs fixed - LP#2060160: Attribute values serialised differently in xmlfile.element() and xmlfile.write(). - LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin. Other changes - LP#2067707: The strip_cdata option in HTMLParser() turned out to be useless and is now deprecated. - Built with Cython 3.0.11.
* Fri Jun 14 2024 Daniel Garcia - Remove not needed patch skip-test-under-libexpat-2.6.0.patch- Update to 5.2.2: - GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case. - LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to \"core2\", without SSE 4.2. - If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.- 5.2.1 - LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to \"core2\", but with SSE 4.2 enabled. - LP#2059977: ``Element.iterfind(\"//absolute_path\")`` failed with a ``SyntaxError`` where it should have issued a warning. - GH#416: The documentation build was using the non-standard ``which`` command. Patch by Michał Górny.- 5.2.0 - LP#1958539: The ``lxml.html.clean`` implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library: https://github.com/fedora-python/lxml_html_clean Projects that use lxml without \"lxml.html.clean\" will not notice any difference, except that they won\'t have potentially vulnerable code installed. The module is available as an \"extra\" setuptools dependency \"lxml[html_clean]\", so that Projects that need \"lxml.html.clean\" will need to switch their requirements from \"lxml\" to \"lxml[html_clean]\", or install the new library themselves. - The minimum CPU architecture for the Linux x86 binary wheels was upgraded to \"sandybridge\" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added. - Built with Cython 3.0.10.- 5.1.2 - LP#2059977: ``Element.iterfind(\"//absolute_path\")`` failed with a ``SyntaxError`` where it should have issued a warning.- 5.1.1 - LP#2048920: ``iterlinks()`` in ``lxml.html`` rejected ``bytes`` input in 5.1.0. - High source line numbers from the parser are no longer truncated (up to a C ``long``) when using libxml2 2.11 or later. - GH#407: A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok. - Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39. - Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39. - Built with Cython 3.0.9.
* Thu Feb 15 2024 Daniel Garcia - Add skip-test-under-libexpat-2.6.0.patch to skip broken test with expat 2.6.0, gh#python/cpython#115133
* Wed Jan 24 2024 ecsos - Fix build error for Leap. Use build and test as descriped on upstream.
* Sun Jan 14 2024 Adrian Schröter - update to version 5.1.0: Details on https://lxml.de/5.1/changes-5.1.0.html removed merged patches: - ISO-Schematron-schema-optional.patch - remove-ISO-Schematron-schema.patch - close_file_before_test.patch
* Wed Dec 20 2023 Dirk Müller - update to 4.9.4:
* LP#2046398: Inserting/replacing an ancestor into a node\'s children could loop indefinitely.
* LP#1980767, GH#379: ``TreeBuilder.close()`` could fail with a ``TypeError`` after parsing incorrect input.
* LP#1522052: A file-system specific test is now optional and should no longer fail on systems that don\'t support it.
* Built with Cython 0.29.37.- drop libxml2212-tests.patch (upstream)
* Mon Nov 27 2023 Markéta Machová - Add libxml2212-tests.patch to fix tests with new libxml2
* Wed Sep 06 2023 Dirk Müller - skip html5lib tests - cyclic dependency with html5lib tests- remove python 2.x from testing
* Sun Aug 13 2023 Dirk Müller - update to 4.9.3:
* ``lxml.objectify`` accepted non-decimal numbers like ``²²²`` as integers.
* A memory leak in ``lxml.html.clean`` was resolved by switching to Cython 0.29.34+.
* GH#348: URL checking in the HTML cleaner was improved.
* GH#371, GH#373: Some regex strings were changed to raw strings to fix Python warnings.
* Built with Cython 0.29.36 to adapt to changes in Python 3.12.
* Fri Jul 14 2023 Matej Cepl - Add ISO-Schematron-schema-optional.patch and remove-ISO-Schematron-schema.patch to remove non-free RNG schema file (bsc#1213351).
* Thu May 04 2023 David Anes - Add patch skip-test-under-libxml2-2.11.1.patch:
* Skip a test if using libxml2 >= 2.11.1
* Sun Apr 23 2023 Matej Cepl - Switch documentation to be within the main package.
* Sun Apr 23 2023 Matej Cepl - New hotness is the sle15_python_module_pythons macro.
* Wed Apr 19 2023 Steve Kowalik - Add patch skip-test-under-libxml2-2.10.4.patch:
* Skip a test if using libxml2 >= 2.10.4
* Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional.
* Thu Feb 16 2023 Dirk Müller - allow building against any libxml2 version in sle15
* Fri Jan 20 2023 Matej Cepl - Add close_file_before_test.patch, to make sure the testing data are flushed to the file (bsc#1206555).
* Thu Dec 29 2022 Torsten Gruner - update to version 4.9.2
* Bugs fixed + CVE-2022-2309: A Bug in libxml2 2.9.1[0-4] could let namespace declarations from a failed parser run leak into later parser runs. This bug was worked around in lxml and resolved in libxml2 2.10.0. https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
* LP#1981760: ``Element.attrib`` now registers as ``collections.abc.MutableMapping``.
* lxml now has a static build setup for macOS on ARM64 machines (not used for building wheels). Patch by Quentin Leffray.
* Mon Sep 19 2022 Matej Cepl - Update BR for libxml2-devel to the current version.- Add missing BR for python-base.
* Sat Jul 09 2022 Arun Persaud - update to version 4.9.1 (bsc#1201253, CVE-2022-2309):
* Bugs fixed + A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.
* Tue Jun 07 2022 Dirk Müller - update to 4.9.0:
* The mixin inheritance order in ``lxml.html`` was corrected.
* Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.
* Fri Feb 18 2022 Dirk Müller - update to 4.8.0:
* GH#337: Path-like objects are now supported throughout the API instead of just strings.
* The ``ElementMaker`` now supports ``QName`` values as tags, which always override the default namespace of the factory.
* GH#338: In lxml.objectify, the XSI float annotation \"nan\" and \"inf\" were spelled in lower case, whereas XML Schema datatypes define them as \"NaN\" and \"INF\" respectively.
* Built with Cython 0.29.28.
* Mon Jan 10 2022 Dirk Müller - update to 4.7.1:
* Chunked Unicode string parsing via ``parser.feed()`` now encodes the input data to the native UTF-8 encoding directly, instead of going through ``Py_UNICODE`` / ``wchar_t`` encoding first, which previously required duplicate recoding in most cases.
* The standard namespace prefixes were mishandled during \"C14N2\" serialisation on Python 3.
* ``lxml.objectify`` previously accepted non-XML numbers with underscores (like \"1_000\") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again.
* LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt).
* Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
* Tue Jan 04 2022 Dirk Müller - update to 4.6.5 (bsc#1193752, CVE-2021-43818):
* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.
* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.
* Wed Nov 24 2021 Dirk Müller - update to 4.6.4:
* A new property ``system_url`` was added to DTD entities.
* The ``STATIC_
*`` variables in ``setup.py`` can now be passed via env vars.- remove python-lxml-test_etree.patch (upstream)
* Tue Jun 01 2021 Matej Cepl - Add missing dependency on python-base for the devel subpackage.
* Tue Jun 01 2021 Pedro Monreal - Adapt test_etree.py to a behavioural change in libxml2 2.9.11+
* Add python-lxml-test_etree.patch
* Tue Apr 06 2021 Dirk Müller - update to 4.6.3:
* A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 ``formaction`` attribute. (bsc#1184177)
* Sun Jan 24 2021 Dirk Müller - update to 4.6.2:
* A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky \"style\" content. (bsc#1179534)
* A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky \"style\" content.
* GH#310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields. Patch by Aidan Woolley.
* ``lxml.html.InputGetter`` has a new ``.items()`` method to ease processing all input fields.
* ``lxml.html.InputGetter.keys()`` now returns the field names in document order.
* GH-309: The API documentation is now generated using ``sphinx-apidoc``.
* LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes when a default namespace was defined.
* ``TreeBuilder.close()`` raised ``AssertionError`` in some error cases where it should have raised ``XMLSyntaxError``. It now raises a combined exception to keep up backwards compatibility, while switching to ``XMLSyntaxError`` as an interface.